Fix for KerberosDecrypt problem where additional garbage added to the…

… end of the buffer
opoet7 · Jun 4, 2021 · a85f413 · a85f413
1 parent 0099aeb
commit a85f413
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 9 deletions.
diff --git a/Rubeus/lib/Ask.cs b/Rubeus/lib/Ask.cs
@@ -76,8 +76,7 @@ public class Ask
             }
 
             // decode the supplied bytes to an AsnElt object
-            //  false == ignore trailing garbage
-            AsnElt responseAsn = AsnElt.Decode(response, false);
+            AsnElt responseAsn = AsnElt.Decode(response);
 
             // check the response value
             int responseTag = responseAsn.TagValue;
@@ -204,11 +203,10 @@ public static int GetKeySize(Interop.KERB_ETYPE etype) {
             }
 
             // decode the supplied bytes to an AsnElt object
-            //  false == ignore trailing garbage
             AsnElt responseAsn;
             try
             {
-                responseAsn = AsnElt.Decode(response, false);
+                responseAsn = AsnElt.Decode(response);
             }
             catch(Exception e)
             {
@@ -297,7 +295,7 @@ public static byte[] TGS(string userName, string domain, Ticket providedTicket,
 
             // decode the supplied bytes to an AsnElt object
             //  false == ignore trailing garbage
-            AsnElt responseAsn = AsnElt.Decode(response, false);
+            AsnElt responseAsn = AsnElt.Decode(response);
 
             // check the response value
             int responseTag = responseAsn.TagValue;
@@ -314,7 +312,7 @@ public static byte[] TGS(string userName, string domain, Ticket providedTicket,
 
                 // KRB_KEY_USAGE_TGS_REP_EP_SESSION_KEY = 8
                 byte[] outBytes = Crypto.KerberosDecrypt(paEType, Interop.KRB_KEY_USAGE_TGS_REP_EP_SESSION_KEY, clientKey, rep.enc_part.cipher);
-                AsnElt ae = AsnElt.Decode(outBytes, false);
+                AsnElt ae = AsnElt.Decode(outBytes);
                 EncKDCRepPart encRepPart = new EncKDCRepPart(ae.Sub[0]);
 
                 // if using /opsec and the ticket is for a server configuration for unconstrained delegation, request a forwardable TGT
@@ -475,8 +473,7 @@ public static byte[] TGS(string userName, string domain, Ticket providedTicket,
                 throw new RubeusException("[X] Encryption type \"" + etype + "\" not currently supported");
             }
 
-
-            AsnElt ae = AsnElt.Decode(outBytes, false);
+            AsnElt ae = AsnElt.Decode(outBytes);
 
             EncKDCRepPart encRepPart = new EncKDCRepPart(ae.Sub[0]);
 

diff --git a/Rubeus/lib/Crypto.cs b/Rubeus/lib/Crypto.cs
@@ -153,7 +153,7 @@ public static byte[] KerberosDecrypt(Interop.KERB_ETYPE eType, int keyUsage, byt
             status = pCSystemDecrypt(pContext, data, data.Length, output, ref outputSize);
             pCSystemFinish(ref pContext);
 
-            return output;
+            return output.Take(outputSize).ToArray();
         }
 
         // Adapted from Vincent LE TOUX' "MakeMeEnterpriseAdmin"